package com.qfedu.edu.security.config;

import com.qfedu.edu.manager.RedisManager;
import com.qfedu.edu.security.filter.AuthFilter;
import com.qfedu.edu.security.filter.LoginFilter;
import org.qfedu.edu.service.IJwtService;
import org.qfedu.edu.service.ITokenService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.SpringBootConfiguration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.logout.LogoutHandler;

/**
 * @author xiaobobo
 * @title: SecurityConfig
 * @projectName cd-fy-2401-third-project-parent
 * @description: Security的整体的配置文件
 * @date 2024/9/14  9:30
 */
@SpringBootConfiguration
@EnableGlobalMethodSecurity(securedEnabled = true,prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

   @Autowired
   private PasswordEncoder passwordEncoder;

   @Autowired
   private UserDetailsService userDetailsService;

   @Autowired
   private AuthenticationEntryPoint authenticationEntryPoint;

   @Autowired
   private LogoutHandler logoutHandler;

   @Autowired
   private ITokenService tokenService;

   @Autowired
   private IJwtService jwtService;

   @Autowired
   private RedisManager redisManager;

   @Value("${jwt.token.expire}")
   private Integer expire;


    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
     //设置UserDetailService的类和散列类
     auth.userDetailsService(userDetailsService)
             .passwordEncoder(passwordEncoder);

    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
       http.exceptionHandling()
               .authenticationEntryPoint(authenticationEntryPoint)
               .and().csrf().disable()
               .authorizeRequests()
               .anyRequest().authenticated()
               .and().logout().logoutUrl("/users/logout")
               .addLogoutHandler(logoutHandler).and()
               .addFilter(new LoginFilter(authenticationManager(),tokenService,redisManager,expire))
               .addFilter(new AuthFilter(authenticationManager(),tokenService,jwtService,redisManager))
               .httpBasic();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {

        //放行这个地址
        web.ignoring().antMatchers("/vipservice/vip/listUserByUsername");

        //放行api开头的数据
        web.ignoring().antMatchers("/searchservice/search/api/**");

        //这个是放行微信的服务器调用我们的服务器的API
        web.ignoring().antMatchers("/payservice/pays/weixinPayNotify");

        //下面需要将 swagger的请求的地址放行 (不需要登陆就能直接访问)
        //在这里需要将swagger的所有的请求路径全部放行
        //所需要用到的静态资源，允许访问
        web.ignoring().antMatchers( "/swagger-ui.html",
                "/swagger-ui/*",
                "/swagger-resources/**",
                "/v2/api-docs",
                "/v3/api-docs",
                "/webjars/**");
    }
}
